The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2010-2449 | Gource through 0.26 logs to a predictable file name (/tmp/gource-$UID.tmp), enabling attackers to overwrite an arbitrary file via a symlink attack. | MEDIUM | Nov 9, 2019 | n/a |
| CVE-2010-2447 | gitolite before 1.4.1 does not filter src/ or hooks/ from path names. | HIGH | Nov 12, 2019 | n/a |
| CVE-2010-2446 | Rbot Reaction plugin allows command execution | HIGH | Nov 8, 2019 | n/a |
| CVE-2010-2250 | Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack. | MEDIUM | Nov 12, 2019 | n/a |
| CVE-2010-2247 | makepasswd 1.10 default settings generate insecure passwords | MEDIUM | Nov 12, 2019 | n/a |
| CVE-2010-2245 | XML External Entity (XXE) vulnerability in Apache Wink 1.1.1 and earlier allows remote attackers to read arbitrary files or cause a denial of service via a crafted XML document. | -- | Aug 8, 2017 | n/a |
| CVE-2010-2243 | A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.34 where on non-GENERIC_TIME systems (GENERIC_TIME=n), accessing /sys/devices/system/clocksource/clocksource0/current_clocksource results in an OOPS. | HIGH | Nov 8, 2019 | n/a |
| CVE-2010-2232 | In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file. | MEDIUM | Oct 23, 2017 | n/a |
| CVE-2010-2222 | The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query. | MEDIUM | Nov 8, 2019 | n/a |
| CVE-2010-2069 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2010-2064 | rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr. | LOW | Oct 30, 2019 | n/a |
| CVE-2010-2061 | rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started. | HIGH | Oct 30, 2019 | n/a |
| CVE-2010-1884 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2010-1839 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 | n/a |
| CVE-2010-1835 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 | n/a |
| CVE-2010-1827 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 | n/a |
| CVE-2010-1826 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 | n/a |
| CVE-2010-1821 | Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows local users to obtain system privileges. | High | Apr 20, 2017 | n/a |
| CVE-2010-1816 | Buffer overflow in ImageIO in Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted image. | High | Apr 21, 2017 | n/a |
| CVE-2010-1798 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 | n/a |
| CVE-2010-1779 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 | n/a |
| CVE-2010-1776 | Find My iPhone on iOS 2.0 through 3.1.3 for iPhone 3G and later and iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later, when Find My iPhone is disabled, allows remote authenticated users with an associated MobileMe account to wipe the device. | -- | Apr 24, 2017 | n/a |
| CVE-2010-1765 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 | n/a |
| CVE-2010-1700 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2010-1699 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2010-1698 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2010-1697 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2010-1696 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2010-1695 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2010-1694 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2010-1692 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2010-1691 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2010-1678 | Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing. | MEDIUM | Oct 30, 2019 | n/a |
| CVE-2010-1673 | A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment. | MEDIUM | Oct 31, 2019 | n/a |
| CVE-2010-1631 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2010. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2010-1435 | Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the database through an already existing SQL injection vector. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. | HIGH | Jun 25, 2021 | n/a |
| CVE-2010-1434 | Joomla! Core is prone to a session fixation vulnerability. An attacker may leverage this issue to hijack an arbitrary session and gain access to sensitive information, which may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. | MEDIUM | Jun 25, 2021 | n/a |
| CVE-2010-1433 | Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. | HIGH | Jun 25, 2021 | n/a |
| CVE-2010-1432 | Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. | MEDIUM | Jun 25, 2021 | n/a |
| CVE-2010-1430 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2010. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2010-1154 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2010. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2010-0813 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2010-0809 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2010-0771 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-3552. Reason: This candidate is a reservation duplicate of CVE-2010-3552. Notes: All CVE users should reference CVE-2010-3552 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 | n/a |
| CVE-2010-0749 | Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame. | MEDIUM | Oct 31, 2019 | n/a |
| CVE-2010-0748 | Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link. | HIGH | Oct 31, 2019 | n/a |
| CVE-2010-0747 | drbd8 allows local users to bypass intended restrictions for certain actions via netlink packets, similar to CVE-2009-3725. | MEDIUM | Oct 31, 2019 | n/a |
| CVE-2010-0742 | The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors. | High | Jun 4, 2010 | n/a |
| CVE-2010-0740 | The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information. | Medium | Mar 29, 2010 | n/a |
| CVE-2010-0737 | A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user. | MEDIUM | Oct 31, 2019 | n/a |
